socks5-server
How to use ALLOWED_DEST_FQDN?
Hi, from what I read restricting outgoing to an ip/fqdn is doable on socks5-server, is there any guide for it?
Already tried "- ALLOWED_DEST_FQDN=(ip address) or - ALLOWED_DEST_FQDN=(cnn.com)" but nothing is working; the client can't open anything with that env enabled on compose.
I face the same issue and investigated for a bit. The reason it does not work is that the filtering is only implemented for domain names, not for IP addresses.
Here req.DestAddr.FQDN is checked against a pattern read from ALLOWED_DEST_FQDN:
https://github.com/serjs/socks5-server/blob/master/ruleset.go#L22
However req.DestAddr.FQDN is only defined if the address type was fqdnAddress (the two other cases are ipv6Address and ipv4Address). Therefore if you connect directly to an ip-address while having ALLOWED_DEST_FQDN in place you just get an error.
https://github.com/armon/go-socks5/blob/master/request.go#L290
To fix this we would need another environment variable to configure allowed ip-address patterns for ipv4 and ipv6.
@serjs Could you add an option to restrict the destination ipv4 address?
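The gap described in this thread and one way to close it, as an added example that is not part of the thread or of the socks5-server code: a name-only check sees an empty FQDN for IP-literal requests, while a combined check falls back to a CIDR allowlist. The `destPolicy` type, its functions and the CIDR list are hypothetical; the `fqdn` and `ip` parameters stand in for the FQDN and IP fields of the request's destination address, and the pattern and addresses are constructed samples.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
)

// destPolicy is a hypothetical allowlist for name and IP-literal destinations.
type destPolicy struct {
	fqdn  *regexp.Regexp // anchor it, or "example.com.evil.test" also matches
	cidrs []*net.IPNet
}

// newDestPolicy compiles the pattern and CIDRs, panicking on bad configuration.
func newDestPolicy(pattern string, cidrs ...string) *destPolicy {
	p := &destPolicy{fqdn: regexp.MustCompile(pattern)}
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		p.cidrs = append(p.cidrs, n)
	}
	return p
}

// fqdnOnly checks the name alone; fqdn is "" when the client sent an IP literal.
func (p *destPolicy) fqdnOnly(fqdn string) bool { return p.fqdn.MatchString(fqdn) }

// allow checks the name when one was sent, otherwise the IP against the CIDRs.
func (p *destPolicy) allow(fqdn string, ip net.IP) bool {
	if fqdn != "" {
		return p.fqdn.MatchString(fqdn)
	}
	for _, n := range p.cidrs {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample policy and destination (documentation address ranges).
	p := newDestPolicy(`^(.+\.)?example\.com$`, "192.0.2.0/24", "2001:db8::/32")
	ip := net.ParseIP("192.0.2.10")
	fmt.Println(ip, "fqdnOnly:", p.fqdnOnly(""), "allow:", p.allow("", ip))
}
```

With no CIDRs configured, `allow` denies every IP-literal destination, so the default stays closed.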